Opportunistic Encryption [Was: Keys not trusted]
Ingo Klöcker
ingo.kloecker@epost.de
Wed May 14 01:21:33 2003
On Tuesday 13 May 2003 15:52, Yenot wrote:
> 2) As implemented today, the Web-of-Trust is bad for privacy.
> Advertising e-mail addresses combined with a list of your closest
> contacts (via signatures) works well for an authentication
> protocol, but it's not a good privacy protocol.
Nobody forces you to put your name or your email address on a key. And
nobody forces you to let your key be signed by others or to sign
others' keys.
> The
> Web-of-Trust forces people to disclose this very same information
> that a large percentage of the population (at least in America)
> do not want published.
Trust is the principle the WoT is built upon. Without trust the WoT
can't exist. And trust can't really co-exist with anonymity. You have
to know who the key owner is before you can tell GnuPG how much trust
you want to put in the key owner.
> Solution:
[snip]
> 3 Authentication Levels:
>
> L1) No protection (unencrypted, key not available)
> L2) Passive attack protection (encrypted, key not verified)
> L3) Active attack protection (encrypted, key verified)
>
> The difference between (L2) and (L3) could be clearly visible to the
> user with clever icons. I strongly believe that we can solve this
> problem without confusing the user or giving them a false sense of
> security.
Any proposals for what these clever icons should look like?
> For getting from L2 -> L3, I think it would be nice if programs like
> KMail provided a very simple pop-up showing:
> 1) fingerprint of your key
> 2) fingerprint of key to be verified
> 3) an "OK" button to locally sign the key
First you talk about making encryption as easy as possible for the
masses (by omitting fingerprint exchanges at keysigning events) and now
you propose to show them the fingerprint? Do you really think that
showing the fingerprint will be any good for Joe User?
> Outstanding Question: How to pick an unauthenticated key?
>
> If I'm replying to a signed message (and the reply-to address matches
> a UID on the signing key), I would pick the key used to sign the
> received message.
Good idea.
Regards,
Ingo
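
The key-selection rule and the three levels discussed in this thread, as an added sketch that is not part of the original message and not code from KMail or GnuPG. The `Key` class, the `verified` flag (standing in for a key the user has locally signed) and all sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from email.utils import parseaddr
from enum import Enum

class Level(Enum):
    L1_NONE = 1      # unencrypted, key not available
    L2_PASSIVE = 2   # encrypted, key not verified
    L3_ACTIVE = 3    # encrypted, key verified

@dataclass
class Key:                       # hypothetical stand-in for a keyring entry
    fingerprint: str
    uids: list
    verified: bool = False       # assumption: True once the user has locally signed it

def _addr(text):
    """Bare, case-folded address from a UID or a header value."""
    return parseaddr(text)[1].lower()

def pick_reply_key(reply_to, signing_key):
    """Use the signing key only if one of its UIDs matches the reply-to address."""
    if signing_key is None:
        return None
    target = _addr(reply_to)
    if target and any(_addr(uid) == target for uid in signing_key.uids):
        return signing_key
    return None  # mismatch: do not silently encrypt to an unrelated key

def protection_level(key):
    """Map the chosen key (or its absence) to L1/L2/L3 for display."""
    if key is None:
        return Level.L1_NONE
    return Level.L3_ACTIVE if key.verified else Level.L2_PASSIVE

# Constructed sample data (not real keys or addresses).
ALICE = Key("AAAA1111", ["Alice Example <alice@example.org>"])
BOB = Key("BBBB2222", ["Bob Example <bob@example.org>"], verified=True)

if __name__ == "__main__":
    for reply_to, key in [("alice@example.org", ALICE),
                          ("mallory@example.net", ALICE),
                          ("Bob <bob@example.org>", BOB)]:
        print(reply_to, protection_level(pick_reply_key(reply_to, key)).name)
```
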